Security Expert Uncovers Serious iPhone SMS Vulnerability
Security expert Charlie Miller, which you might remember from the PWN2OWN competition where he managed to hack into Apple’s Safari in about 10 seconds, has uncovered a rather nasty security vulnerability affecting the iPhone. The vulnerability that Charlie Miller uncovered refers to the manner in which the iPhone handles text messages (SMS), which in turn could grant a person with malicious intent to gain root access to the device.
Unfortunately for those of you that want more details on the matter, Charlie Miller could not provide in-depth details on the vulnerability he uncovered, for obvious security reasons. If the details were to be released before Apple has time to work on a fix then anyone could potentially exploit this SMS vulnerability.
What we do know is this: the iPhone handles SMS messages in a dangerous manner that could allow a person with malicious intent to remotely install and run unsigned software code with root access on the device. The attacker could for example send software code on the iPhone via SMS and thanks to this malicious code the attacker could turn on the device’s microphone and listen in to your conversation, could turn on the device’s GPS and know precisely where you are, or could add the iPhone to a botnet or distributed denial of service attack.
It sounds gloom, I know, but there is one upside. Charlie Miller does not have an exploit for this vulnerability so far, just a very suspicious crash (he can crash part of the device and temporarily disconnect it from the network). On top of that Apple is reportedly already aware of this issue and is currently working with Miller on a patch. The fix is supposed to be rolled out later this month, before Charlie Miller is due to make a detailed presentation on how to “inject SMS messages into iPhone, Android, and Windows Mobile devices” at the Black Hat 2009 event (25th through 30th of July, Caesar’s Palace, Las Vegas).
In related news, we already know that Apple is working on the iPhone OS 3.1 update. Let’s just hope that alongside the fixes and improvements it has to offer, a fix for this SMS vulnerability is also included.
Tags: Apple, iPhone, SMS, Vulnerability, Charlie Miller
Unfortunately for those of you that want more details on the matter, Charlie Miller could not provide in-depth details on the vulnerability he uncovered, for obvious security reasons. If the details were to be released before Apple has time to work on a fix then anyone could potentially exploit this SMS vulnerability.
Advertising
What we do know is this: the iPhone handles SMS messages in a dangerous manner that could allow a person with malicious intent to remotely install and run unsigned software code with root access on the device. The attacker could for example send software code on the iPhone via SMS and thanks to this malicious code the attacker could turn on the device’s microphone and listen in to your conversation, could turn on the device’s GPS and know precisely where you are, or could add the iPhone to a botnet or distributed denial of service attack.
It sounds gloom, I know, but there is one upside. Charlie Miller does not have an exploit for this vulnerability so far, just a very suspicious crash (he can crash part of the device and temporarily disconnect it from the network). On top of that Apple is reportedly already aware of this issue and is currently working with Miller on a patch. The fix is supposed to be rolled out later this month, before Charlie Miller is due to make a detailed presentation on how to “inject SMS messages into iPhone, Android, and Windows Mobile devices” at the Black Hat 2009 event (25th through 30th of July, Caesar’s Palace, Las Vegas).
In related news, we already know that Apple is working on the iPhone OS 3.1 update. Let’s just hope that alongside the fixes and improvements it has to offer, a fix for this SMS vulnerability is also included.
Tags: Apple, iPhone, SMS, Vulnerability, Charlie Miller
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 09 Feb 2012
Redmond-based software giant Microsoft is giving all US residents the chance to win a Pink Sony VAIO Y laptop (ARV $6,000) as part of a Valentine’s Day Sweepstakes
By George Norman on 09 Feb 2012
The latest stable version of Google Chrome web browser is v. 17.0 which was rolled out to the public on Wednesday, the 8th of February, one day after the release of Chrome for Android Beta 1Related News
By George Norman on 18 Oct 2011
One of the exciting news thing about the new iPhone 4S, apart from the new processor and better camera, is the fact that it comes with a new intelligent assistant that responds to voice commands. That new assistant 
By George Norman on 14 Dec 2011
Little over a week from now it will be Christmas, and you know what that means – you will have to give your friends and loved ones a nice gift. If you can’t think of something to gift the people you care about, I have an interesting suggestion for you
By George Norman on 06 Oct 2011
The good news that the iPhone 4S powered by iOS5 will be released later this month has been shadowed by the bad news that Apple co-founder Steve Jobs died at age 56. He died on 
By George Norman on 14 Oct 2011
A couple of days back, on the 12th of October to be more precise, Cupertino-based software developer Apple released the iOS 5 with its 200+ new features to the masses. Today we are going to get the device that is worthy of the iOS 5Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Security Expert Uncovers Serious iPhone SMS Vulnerability
HTML Linking Code
HTML Linking Code